Adding a PHP textarea input section to a SQL query report

Question

I am trying to add a text area to my SQL query report, outputted in PHP. The database contains applications for jobs with a drinks company, which are submitted through a form on the homepage. I want to add a Notes column, so that the managers can make a not of then they were called back, if they got the job and so on, for the benefit of other managers that use the system (so people aren't called twice, for example).

This is the Report code that I'm using at the moment, but I think I may have overlooked something. (Please excuse any incorrect indentations, I'm not too used to pasting code into this)

    <body>
    <?require_once $_SERVER['DOCUMENT_ROOT']."/includes/incFunctions.php";

    opendb();
    function getTeamData() {
        $sql = "SELECT * from team WHERE t_preferredCity='Liverpool' order by t_id desc";
        $result=mysql_query($sql);

        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $teamData[] = $row;
        }
        return $teamData;
    }


    $teamApps = getTeamData();
    echo "<!--";
    //print_r($teamApps);
    echo "-->";
    ?>

    <table id="rounded-corner" width="100%">
      <tr style="font-weight:bold;">
        <th>Photo</th>
        <th>Name</th>
        <th>D.O.B.</th>
        <th>Contact No.</th>
        <th>E-mail</th>
        <th>Preferred City</th>
        <th>Availabilty</th>
        <th style="width:70px;">Own Car?</th>
        <th>Previous Work</th>
  </tr>
<?
$i=0;
foreach($teamApps as  $teamApp) {
$i++;
?>
  <tr>
    <td>
    <?
    if (substr($teamApp["t_picture"],0,3)=="htt"){?>
    <a onclick="window.open(this.href);return false"href="<?=$teamApp["t_picture"]?>"><img style="width:100px;"src="<?=$teamApp["t_picture"]?>" alt="<?=$teamApp["t_name"]?>"/></a>
    <?}else{?>
    NO PHOTO
    <?}?>

    </td>
    <td><?=$teamApp["t_name"]?></td>
    <td><?=$teamApp["t_dob"]?></td>
    <td><a href="tel:<?=$teamApp["t_contact"]?>"><?=$teamApp["t_contact"]?></a></td>
    <td><a href="mailto:<?=$teamApp["t_email"]?>"><?=$teamApp["t_email"]?></a></td>
    <td><?=$teamApp["t_preferredCity"]?> </td>
    <td>
    <?=($teamApp["t_nightsMo"] ? "Mon," : "")?>
    <?=($teamApp["t_nightsTu"] ? "Tue," : "")?>
    <?=($teamApp["t_nightsWe"] ? "Wed," : "")?>
    <?=($teamApp["t_nightsTh"] ? "Thur," : "")?>
    <?=($teamApp["t_nightsFr"] ? "Fri," : "")?>
    <?=($teamApp["t_nightsSa"] ? "Sat," : "")?>
    <?=($teamApp["t_nightsSu"] ? "Sun" : "")?>


    </td>
    <td><?=($teamApp["t_ownCar"]==-1 ? "<span class=\"yes\">Yes</span>" : "<span class=\"no\">No</span>")?></td>
    <td><?=$teamApp["t_previousWork"]?></td>
    <td><form><textarea rows="5" cols="20"><?=$teamApp["t_notes"]?></textarea><input type="submit" value="Submit"></form></td>
  </tr>

<?
}?>

</table>
<?
closedb();

?>
</body>

As you'll notice, I've started to add a form to the Notes column, but I'm almost certain that won't work, because I don't know how to tie make it add the text to the Notes column.

Any help would be appreciated, and let me know if I need to expand on anything.

Thanks :)

Answer 1

I hope, I got you right. Here are some snippets that may help you:

Text-Input vs. Textarea

The basic syntax of a text-input and a textarea:

# Text-Input 
<input type="text" name="t_notes" value="<?php echo $data_array["t_notes"]?>"/>

# Textarea
<textarea name="t_notes"><?php echo $data_array["t_notes"]?></textarea>

HTML Form (form.php)

A form for saving your data (add and edit). The "@" suppresses errors. So, there will be no error, if the $data_array is empty.

<form method="POST" action="save.php">
    <input type="hidden" name="t_id" value="<?php echo @$data_array["id"]?>"/>
    ... some inputs/textareas ...
    <textarea name="t_notes"><?php echo @$data_array["t_notes"]?></textarea>
    <input type="submit" value="save"/>
<form>

save.php

A basic save script: INSERT (no ID set) or UPDATE (ID set). I really recommend using a Database-Class for handling stuff like this. Google for "PDO Class", "MySQL Class", "Database Class" - you'll find a lot!

<?php
if (empty($_POST)) {
    die("no data sent.");
}

$id = $_POST["t_id"];
if (is_numeric($id)) {
    // update, because the ID is numeric
    $sql = "UPDATE team SET t_notes = " . mysql_real_escape($_POST["t_notes"]) . " WHERE t_id = ". $id;
} else {
    // insert, because no ID was set
    $sql = "INSERT INTO team (t_notes) VALUES ('". mysql_real_escape($_POST["t_notes"]) ."')";
}

// die, if there was a mysql error
if (!mysql_query($sql))
    die ("MySQL Error: " . mysql_error());
?>

Avoiding the Echo-Shortcut

You're using the echo-shortcut, that's not allowed by every default config. You could get in trouble, if you'll change your host. Since I got in trouble, I avoid it. It's a bit more to type but it could pay off!

Works everytime:
<?php echo $text?>

Shortcut, needs to be activated/allowed by your host:
<?=$text?> 

Answer 2

1. ) You'd need a field containing the id of the record or you can pass the id via a GET-Parameter in the form action uri

2. ) You need a php script that performs an update on the team table wrt. the passed id.

   <body>
   <?require_once $_SERVER['DOCUMENT_ROOT']."/includes/incFunctions.php";
   
   opendb();
   function getTeamData() {
   $sql = "SELECT * from team WHERE t_preferredCity='Liverpool' order by t_id desc";
   $result=mysql_query($sql);
   
   while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
       $teamData[] = $row;
   }
   return $teamData;
   }
   
   if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    $sql = "UPDATE team SET t_notes = '".mysql_real_escape_string($_POST['t_note'])."' WHERE  t_id = ".mysql_real_escape_string($_POST['t_id']);
    $result=mysql_query($sql);
    echo "Note updated!";
   }
   
   
   
   //...
   
   <td>
      <form method='POST'>
      <input type="hidden" name="t_id" value="<?=$teamApp["t_id"]?>" />
      <textarea name="t_note" rows="5" cols="20"><?=$teamApp["t_notes"]?></textarea>                     
      <input type="submit" value="Submit"></form>